Firebase user deleted but still logged in on device

Question

I started playing with a simple emailAndPassword authentication. I was able to create a user and sign-in. Then I went to the firebase console and deleted the user. Isn\'t th

Answer 1

Firebase Authentication tokens are valid for one hour and cached on the user's device. It is automatically refreshed by the client SDK. Deleting the account doesn't proactively reach out to all the user's devices to delete the token.

However, if you then try to read or write data that requires authentication, that should fail when using the cached token.